Description of problem:
A regression was found in the fix for CVE-2011-3389/7064341 that was applied to Oracle JDK 6u29 and the matching OpenJDK update. This causes connections to certain SSL servers to hang:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7103725
In our case, this problem was reported for JBoss products using JDBC to connect to Microsoft SQL Server. Some workarounds were identified:
- use a non-CBC cipher (e.g. one of the RC4 cipher suites)
- disable the CVE-2011-3389 mitigation using -Djsse.enableCBCProtection=false
Related Support Essentials article:
https://access.redhat.com/kb/docs/DOC-67350
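
An added example, not part of the original report: a shell audit that lists which JVMs still run with the second workaround (`-Djsse.enableCBCProtection=false`), so the CVE-2011-3389 mitigation can be restored once a fixed JDK is installed. The function names, the `name<TAB>jvm-args` inventory format and the sample entries are hypothetical; the script assumes the last occurrence of a repeated `-D` property wins and compares the value case-insensitively.

```shell
#!/bin/sh
# Added example: find JVM option strings that switch off the CVE-2011-3389
# CBC mitigation with -Djsse.enableCBCProtection=false.

# cbc_protection_state ARGS -> prints "disabled" or "enabled".
# Assumption: if the property appears more than once, the last one wins.
cbc_protection_state() {
    state=enabled                      # mitigation is on when the property is absent
    set -f                             # no globbing while word-splitting ARGS
    for arg in $1; do
        case $arg in
            -Djsse.enableCBCProtection=*)
                # Drop stray quotes copied from config files, lower-case the value.
                value=$(printf '%s' "${arg#*=}" | tr -d "\"'" | tr 'A-Z' 'a-z')
                # Only "false" disables; any other value is reported as enabled.
                if [ "$value" = false ]; then state=disabled; else state=enabled; fi
                ;;
        esac
    done
    set +f
    printf '%s\n' "$state"
}

# audit_jvm_opts: reads "name<TAB>jvm args" lines on stdin and prints the
# names of the entries whose mitigation is disabled.
audit_jvm_opts() {
    tab=$(printf '\t')
    while IFS=$tab read -r name args; do
        [ -n "$name" ] || continue
        if [ "$(cbc_protection_state "$args")" = disabled ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample inventory (hypothetical instance names and options).
sample_inventory() {
    printf 'jboss-app1\t-Xmx512m -Djsse.enableCBCProtection=false\n'
    printf 'jboss-app2\t-Xmx1g -Dfile.encoding=UTF-8\n'
    printf 'jboss-app3\t-Djsse.enableCBCProtection=FALSE -server\n'
    printf 'jboss-app4\t-Djsse.enableCBCProtection=false -Djsse.enableCBCProtection=true\n'
}

sample_inventory | audit_jvm_opts
```
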